FlaglerLive

No Bull, no Fluff, No Smudges

What You Can Do To Keep Your Data Privacy from Slipping Away

| | 8 Comments

Multifactor authentication is a key step in protecting your data privacy.
Multifactor authentication is a key step in protecting your data privacy. (d3sign/Moment via Getty Images)

By Mike Chapple

Your data privacy is slipping away – here’s why, and what you can do about it

Mike Chapple, University of Notre Dame

Cybersecurity and data privacy are constantly in the news. Governments are passing new cybersecurity laws. Companies are investing in cybersecurity controls such as firewalls, encryption and awareness training at record levels.

And yet, people are losing ground on data privacy.

In 2024, the Identity Theft Resource Center reported that companies sent out 1.3 billion notifications to the victims of data breaches. That’s more than triple the notices sent out the year before. It’s clear that despite growing efforts, personal data breaches are not only continuing, but accelerating.

What can you do about this situation? Many people think of the cybersecurity issue as a technical problem. They’re right: Technical controls are an important part of protecting personal information, but they are not enough.

As a professor of information technology, analytics and operations at the University of Notre Dame, I study ways to protect personal privacy.

Solid personal privacy protection is made up of three pillars: accessible technical controls, public awareness of the need for privacy, and public policies that prioritize personal privacy. Each plays a crucial role in protecting personal privacy. A weakness in any one puts the entire system at risk.

The first line of defense

Technology is the first line of defense, guarding access to computers that store data and encrypting information as it travels between computers to keep intruders from gaining access. But even the best security tools can fail when misused, misconfigured or ignored.

Two technical controls are especially important: encryption and multifactor authentication. These are the backbone of digital privacy – and they work best when widely adopted and properly implemented.

Encryption uses complex math to put sensitive data in an unreadable format that can only be unlocked with the right key. For example, your web browser uses HTTPS encryption to protect your information when you visit a secure webpage. This prevents anyone on your network – or any network between you and the website – from eavesdropping on your communications. Today, nearly all web traffic is encrypted in this way.

But if we’re so good at encrypting data on networks, why are we still suffering all of these data breaches? The reality is that encrypting data in transit is only part of the challenge.

Securing stored data

We also need to protect data wherever it’s stored – on phones, laptops and the servers that make up cloud storage. Unfortunately, this is where security often falls short. Encrypting stored data, or data at rest, isn’t as widespread as encrypting data that is moving from one place to another.

While modern smartphones typically encrypt files by default, the same can’t be said for cloud storage or company databases. Only 10% of organizations report that at least 80% of the information they have stored in the cloud is encrypted, according to a 2024 industry survey. This leaves a huge amount of unencrypted personal information potentially exposed if attackers manage to break in. Without encryption, breaking into a database is like opening an unlocked filing cabinet – everything inside is accessible to the attacker.

Multifactor authentication is a security measure that requires you to provide more than one form of verification before accessing sensitive information. This type of authentication is more difficult to crack than a password alone because it requires a combination of different types of information. It often combines something you know, such as a password, with something you have, such as a smartphone app that can generate a verification code or with something that’s part of what you are, like a fingerprint. Proper use of multifactor authentication reduces the risk of compromise by 99.22%.

While 83% of organizations require that their employees use multifactor authentication, according to another industry survey, this still leaves millions of accounts protected by nothing more than a password. As attackers grow more sophisticated and credential theft remains rampant, closing that 17% gap isn’t just a best practice – it’s a necessity.

Multifactor authentication is one of the simplest, most effective steps organizations can take to prevent data breaches, but it remains underused. Expanding its adoption could dramatically reduce the number of successful attacks each year.

Awareness gives people the knowledge they need

Even the best technology falls short when people make mistakes. Human error played a role in 68% of 2024 data breaches, according to a Verizon report. Organizations can mitigate this risk through employee training, data minimization – meaning collecting only the information necessary for a task, then deleting it when it’s no longer needed – and strict access controls.

Policies, audits and incident response plans can help organizations prepare for a possible data breach so they can stem the damage, see who is responsible and learn from the experience. It’s also important to guard against insider threats and physical intrusion using physical safeguards such as locking down server rooms.

Public policy holds organizations accountable

Legal protections help hold organizations accountable in keeping data protected and giving people control over their data. The European Union’s General Data Protection Regulation is one of the most comprehensive privacy laws in the world. It mandates strong data protection practices and gives people the right to access, correct and delete their personal data. And the General Data Protection Regulation has teeth: In 2023, Meta was fined €1.2 billion (US$1.4 billion) when Facebook was found in violation.

Despite years of discussion, the U.S. still has no comprehensive federal privacy law. Several proposals have been introduced in Congress, but none have made it across the finish line. In its place, a mix of state regulations and industry-specific rules – such as the Health Insurance Portability and Accountability Act for health data and the Gramm-Leach-Bliley Act for financial institutions – fill the gaps.

Some states have passed their own privacy laws, but this patchwork leaves Americans with uneven protections and creates compliance headaches for businesses operating across jurisdictions.

The tools, policies and knowledge to protect personal data exist – but people’s and institutions’ use of them still falls short. Stronger encryption, more widespread use of multifactor authentication, better training and clearer legal standards could prevent many breaches. It’s clear that these tools work. What’s needed now is the collective will – and a unified federal mandate – to put those protections in place.

Mike Chapple is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame.

The Conversation arose out of deep-seated concerns for the fading quality of our public discourse and recognition of the vital role that academic experts could play in the public arena. Information has always been essential to democracy. It’s a societal good, like clean water. But many now find it difficult to put their trust in the media and experts who have spent years researching a topic. Instead, they listen to those who have the loudest voices. Those uninformed views are amplified by social media networks that reward those who spark outrage instead of insight or thoughtful discussion. The Conversation seeks to be part of the solution to this problem, to raise up the voices of true experts and to make their knowledge available to everyone. The Conversation publishes nightly at 9 p.m. on FlaglerLive.
See the Full Conversation Archives

Reader Interactions

Comments

  1. JimboXYZ says

    I’ll go out on a limb here and say that any data breaches are on a Corporate server & database, rather than the individual’s personal devices. Even gas pump or other point of sale credit card scanners are a commercial business’s breach. Individually, all any of the rest of us can do is use the technology that the industry provides us to pay for the inflation. And I’ll even go so far as to say that the major breaches for any mass scale are corporation internal, disgruntled or other criminal employees for their specific individual case for motive. A recent example, the alleged firing of the IT specialist with the St Augustine/Palm Harbor Tea Corporation that was recently reported in the news. There’s your example of any material, “criminally nefarious” intent of a data/privacy breach.

    https://flaglerlive.com/it-attack-firing/

    1

  2. Mr. Robot's Uncle says

    Failed to mention the elephant in the room – cryptocurrency. The real reason attacks are far more frequent is that the thieves have a [mostly] anonymous and yes, even secure way of collecting proceeds when they’re able to penetrate. To call it the Wild Wild West is putting it mildly. Until the good guys figure out a way to address the massive global crypto fraud that we’re up to our necks in, from state sponsored criminal organizations to Wall Street, we’ll continue to see annual multi-fold data breaches. Have to stop incentivising the criminal activity.

    1

  4. Laurel says

    Pogo: Microsoft got hacked.

    Kubunto or Ubuntu? I’m going there, finally getting off my butt. The one disappointment, though, is Linux doesn’t read Adobe. That means at least one computer will need to stay on Microsoft, and the Linux product would have to remain booted off a thumb drive.

    Worth it. I hate Microsoft.

  5. Pogo says

    @Laurel

    Kubuntu: the KDE desktop, version of Ubuntu.

    FWIW — all Linux distributions (versions) work well with .pdf files; get a 16 gig thumb drive, an ISO of Ubuntu, Fedora, et al, and a utility to make the thumb drive a boot disk. Take a test drive — you don’t have to install to use them. See if all your hardware is supported. If you’re not able to take it from here, maybe stay with Windows, it is still the deservedly preeminent PC OS.

    Good luck.

    2

  6. Laurel says

    Kubuntu.

    I never realized that spelling would be so difficult until AI interrupted. Oh well, so far, I still like it.

    So far.

    1

  7. Laurel says

    Pogo: Thanks for the info. Buying a new thumb drive today.

    Deep in the article you attached stated that Adobe will not work with Linux. Maybe that’s old news, or I misinterpreted it. PDFs are necessary today.

    I’ve been using open source Apache Open Office for years now. I really like it, but it has some issues with copy and paste in its Text Document program. So, we’ll see how it works with Ubuntu.

    I’m excited! 👍

    1

  8. Pogo says

    @Laurel

    You’re about to meet LibreOffice; say farewell to its ancestors. I believe many other pleasant surprises await.

    I welcome any and all constructive remarks, comments, statements.

    Laurel, if you use any external storage, for any purpose, e.g., “sneaker net” file transfers, format them for exFAT — you’ll see.
    https://www.google.com/search?q=exFAT

    Happy geeking.

    1

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Conner Bosch law attorneys lawyers offices palm coast flagler county
  • grand living realty
  • politis matovina attorneys for justice personal injury law auto truck accidents